4nk/lecoffre-front
5
0
Fork 0
Code Issues 3 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
lecoffre-front/.gitea/workflows/build-ext.yml
Debian Dev4 ac05049f5a ci: Utiliser le tag docker ext dans la CI
2025-10-02 14:54:04 +00:00

127 lines
4.6 KiB
YAML
Raw Blame History

name: build-and-push-ext
on:
push:
tags:
- ext
jobs:
build_push:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Prepare SSH agent (optional)
shell: bash
run: |
set -euo pipefail
eval "$(ssh-agent -s)"
if [ -n "${{ secrets.SSH_PRIVATE_KEY || '' }}" ]; then
echo "${{ secrets.SSH_PRIVATE_KEY }}" | tr -d '\r' | ssh-add - >/dev/null 2>&1 || true
fi
mkdir -p ~/.ssh
ssh-keyscan git.4nkweb.com >> ~/.ssh/known_hosts 2>/dev/null || true
echo "SSH agent ready: $SSH_AUTH_SOCK"
# Rendre l'agent dispo aux steps suivants
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV"
- name: Load .env(.example) and export NEXT_PUBLIC_* variables
shell: bash
run: |
set -euo pipefail
set -a
if [ -f .env ]; then
. ./.env
elif [ -f .env.example ]; then
# Parser .env.example même s'il est formaté en tableau Markdown
# On retire la bordure '|' éventuelle et on ne garde que les lignes KEY=VALUE
tmpenv=$(mktemp)
sed -E 's/^\|\s*//; s/\s*\|\s*$//' .env.example \
| awk 'NF>0' \
| grep -E '^[A-Z0-9_]+=.*' \
> "$tmpenv"
# Charger uniquement les variables
. "$tmpenv"
rm -f "$tmpenv"
fi
set +a
echo "Environment NEXT_PUBLIC_* available (current step):" || true
env | grep '^NEXT_PUBLIC_' || true
# Exporter pour les étapes suivantes via GITHUB_ENV
count=0
while IFS='=' read -r key value; do
echo "$key=$value" >> "$GITHUB_ENV"
count=$((count+1))
done < <(env | grep '^NEXT_PUBLIC_')
if [ "$count" -eq 0 ]; then
echo "Aucune variable NEXT_PUBLIC_* détectée (ni .env/.env.example ni secrets). Abandon." >&2
exit 1
fi
- name: Compute Docker tag from commit message or fallback
id: tag
shell: bash
run: |
set -euo pipefail
msg=$(git log -1 --pretty=%B)
if [[ "$msg" =~ ci:\ docker_tag=([a-zA-Z0-9._:-]+) ]]; then
tag="${BASH_REMATCH[1]}"
else
tag="ext"
fi
echo "TAG=$tag" | tee -a $GITHUB_OUTPUT
- name: Docker login (git.4nkweb.com)
shell: bash
env:
REG_USER: ${{ secrets.USER }}
REG_TOKEN: ${{ secrets.TOKEN }}
run: |
set -euo pipefail
echo "$REG_TOKEN" | docker login git.4nkweb.com -u "$REG_USER" --password-stdin
- name: Build image (target ext)
shell: bash
env:
DOCKER_BUILDKIT: "1"
run: |
set -euo pipefail
if [ -n "${SSH_AUTH_SOCK:-}" ]; then
buildArgs=()
# 1) Ajouter toutes les variables NEXT_PUBLIC_* chargées depuis .env
while IFS='=' read -r key _; do
[ -n "$key" ] || continue
val="${!key:-}"
buildArgs+=(--build-arg "$key=$val")
done < <(env | grep '^NEXT_PUBLIC_' | cut -d= -f1 | sort)
# 2) Fallback/override possibles depuis les secrets CI pour certaines clés critiques
[ -n "${{ secrets.NEXT_PUBLIC_4NK_URL || '' }}" ] && buildArgs+=(--build-arg NEXT_PUBLIC_4NK_URL="${{ secrets.NEXT_PUBLIC_4NK_URL }}")
[ -n "${{ secrets.NEXT_PUBLIC_4NK_IFRAME_URL || '' }}" ] && buildArgs+=(--build-arg NEXT_PUBLIC_4NK_IFRAME_URL="${{ secrets.NEXT_PUBLIC_4NK_IFRAME_URL }}")
[ -n "${{ secrets.NEXT_PUBLIC_IDNOT_CLIENT_ID || '' }}" ] && buildArgs+=(--build-arg NEXT_PUBLIC_IDNOT_CLIENT_ID="${{ secrets.NEXT_PUBLIC_IDNOT_CLIENT_ID }}")
# 3) Fail si aucune variable NEXT_PUBLIC_* n'est définie
if ! env | grep -q '^NEXT_PUBLIC_'; then
echo "Aucune variable NEXT_PUBLIC_* détectée (ni .env/.env.example ni secrets). Abandon." >&2
exit 1
fi
docker build --target ext --ssh default "${buildArgs[@]}" \
-t git.4nkweb.com/4nk/lecoffre-front:${{ steps.tag.outputs.TAG }} \
-f Dockerfile .
else
echo "SSH_AUTH_SOCK non défini: l'agent SSH n'est pas disponible. Assurez-vous de définir secrets.SSH_PRIVATE_KEY."
exit 1
fi
- name: Push image
shell: bash
run: |
set -euo pipefail
docker push git.4nkweb.com/4nk/lecoffre-front:${{ steps.tag.outputs.TAG }}
Reference in New Issue View Git Blame Copy Permalink